Update wolfSSL to 5.1.1 and fix any issues

* Bumps to wolfSSL 5.1.1
* Fixup `make clean`
* Move `wolfssl` src to root
* Switch test from DigiCert to GlobalSign (`python.org` ditched DigiCert
  years ago)
* Make SSLContext call `wolfSSL_Init()` which fixes a few issues
* Make `setup.py` compile CFFI and wolfSSL C code
* Fully enable SSLv3 support
* Add TLSv1.3 support
* Fix bug in `wolfSSL_Free()` usage
* Update `tox.ini` to a currently supported platform

Author: LinuxJedi

Makefile

@@ -30,9 +30,11 @@ clean: clean-build clean-pyc clean-test ## remove all build, test, coverage and
 
 
 clean-build: ## remove build artifacts
+	rm -fr lib/
 	rm -fr build/
 	rm -fr dist/
 	rm -fr .eggs/
+	rm -fr wolfssl/_ffi*
 	find . -name '*.egg-info' -exec rm -fr {} +
 	find . -name '*.egg' -exec rm -f {} +
 
@@ -81,7 +83,7 @@ servedocs: docs ## compile the docs watching for changes
 
 dist: clean ## builds source and wheel package
 	python setup.py sdist
-	
+
 	./make/osx/build_wheels.sh
 
 	./make/manylinux1/build_wheels.sh

README.rst

@@ -13,6 +13,16 @@ library targeted at IoT, embedded, and RTOS environments primarily because of
 its size, speed, and feature set. It works seamlessly in desktop, enterprise,
 and cloud environments as well.
 
+Compiling
+=========
+
+The `setup.py` file covers most things you will need to do to build and install from source. As pre-requisites you will need to install either from your OS repository or pip. You'll also need the Python development package for your Python version:
+
+* `cffi`
+* `tox`
+* `pytest`
+
+To build a source package run `python setup.py sdist`, to build a wheel package run `python setup.py bdist_wheel`. To test the build run `tox`. The `tox` tests rely on Python 3.9 being installed, if you do not have this version we recommend using `pyenv` to install it.
 
 Installation
 ============

certs/ca-digicert-ev.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----

certs/ca-globalsign-r3.pem

@@ -28,7 +28,7 @@
 
 
 # Adding src folder to the include path in order to import from wolfssl
-package_dir = os.path.join(os.path.dirname(__file__), "src")
+package_dir = os.path.dirname(__file__)
 sys.path.insert(0, package_dir)
 
 import wolfssl
@@ -93,7 +93,7 @@ def build_extension(self, ext):
     package_dir={"":package_dir},
 
     zip_safe=False,
-    cffi_modules=["./src/wolfssl/_build_ffi.py:ffi"],
+    cffi_modules=["./wolfssl/_build_ffi.py:ffi"],
 
     keywords="wolfssl, wolfcrypt, security, cryptography",
     classifiers=[

setup.py

@@ -27,12 +27,13 @@
 
 HOST = "www.python.org"
 PORT = 443
-CA_CERTS = "certs/ca-digicert-ev.pem"
+CA_CERTS = "certs/ca-globalsign-r3.pem"
 
 
 @pytest.fixture(
     params=["wrap_socket", "wrap_socket_with_ca",
             "wrap_socket_from_context", "ssl_socket"])
+
 def secure_socket(request, ssl_provider, tcp_socket):
     sock = None
 
@@ -64,7 +65,6 @@ def secure_socket(request, ssl_provider, tcp_socket):
         yield sock
         sock.close()
 
-
 def test_secure_connection(secure_socket):
     secure_socket.connect((HOST, PORT))
 

tests/test_client.py

@@ -1,6 +1,6 @@
 [tox]
-envlist = py27, py34, py35, py36
-skip_missing_interpreters = true
+envlist = py39, pep8
+skipsdist = True
 
 [testenv]
 setenv =

tox.ini

@@ -26,7 +26,7 @@
 
 # When bumping the C library version, reset the POST count to 0
 
-__wolfssl_version__ = "v4.8.1-stable"
+__wolfssl_version__ = "v5.1.1-stable"
 
 # We're using implicit post releases [PEP 440] to bump package version
 # while maintaining the C library version intact for better reference.

src/wolfssl/__about__.py wolfssl/__about__.pysrc/wolfssl/__about__.py renamed to wolfssl/__about__.py

@@ -138,6 +138,7 @@ class SSLContext(object):
     """
 
     def __init__(self, protocol, server_side=None):
+        _lib.wolfSSL_Init()
         method = _WolfSSLMethod(protocol, server_side)
 
         self.protocol = protocol

src/wolfssl/__init__.py wolfssl/__init__.pysrc/wolfssl/__init__.py renamed to wolfssl/__init__.py

@@ -24,14 +24,17 @@
 
 from distutils.util import get_platform
 from cffi import FFI
-from wolfssl._build_wolfssl import wolfssl_inc_path, wolfssl_lib_path
+from wolfssl._build_wolfssl import wolfssl_inc_path, wolfssl_lib_path, ensure_wolfssl_src, make, make_flags, local_path
+from wolfssl.__about__ import __wolfssl_version__ as version
 import wolfssl._openssl as openssl
 import subprocess
 import shlex
 import os
 from ctypes import cdll
 from collections import namedtuple
 
+libwolfssl_path = ""
+
 def make_optional_func_list(libwolfssl_path, funcs):
     if libwolfssl_path.endswith(".so"):
         libwolfssl = cdll.LoadLibrary(libwolfssl_path)
@@ -52,12 +55,26 @@ def make_optional_func_list(libwolfssl_path, funcs):
 
     return defined
 
-libwolfssl_path = os.path.join(wolfssl_lib_path(), "libwolfssl.a")
-if not os.path.exists(libwolfssl_path):
-    libwolfssl_path = os.path.join(wolfssl_lib_path(), "libwolfssl.so")
+def get_libwolfssl():
+    libwolfssl_path = os.path.join(wolfssl_lib_path(), "libwolfssl.a")
     if not os.path.exists(libwolfssl_path):
-        err = "Couldn't find libwolfssl under {}.".format(wolfssl_lib_path())
-        raise Exception(err)
+        libwolfssl_path = os.path.join(wolfssl_lib_path(), "libwolfssl.so")
+        if not os.path.exists(libwolfssl_path):
+            return 0
+        else:
+            return 1
+    else:
+        return 1
+
+def generate_libwolfssl():
+    ensure_wolfssl_src(version)
+    prefix = local_path("lib/wolfssl/{}/{}".format(
+        get_platform(), version))
+    make(make_flags(prefix, False))
+
+if get_libwolfssl() == 0:
+    generate_libwolfssl()
+    get_libwolfssl()
 
 WolfFunction = namedtuple("WolfFunction", ["name", "native_sig", "ossl_sig"])
 # Depending on how wolfSSL was configured, the functions below may or may not be
@@ -175,6 +192,7 @@ def make_optional_func_list(libwolfssl_path, funcs):
     /**
      * SSL/TLS Session functions
      */
+    void wolfSSL_Init();
     WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
     void  wolfSSL_free(WOLFSSL*);
 
@@ -276,5 +294,4 @@ def make_optional_func_list(libwolfssl_path, funcs):
 ffi_cdef = cdef + openssl.construct_cdef(optional_funcs)
 ffi.cdef(ffi_cdef)
 
-if __name__ == "__main__":
-    ffi.compile(verbose=True)
+ffi.compile(verbose=True)